Debit card data breach: RBI and NPCI may bring shielding measures

The banking industry in the country’s tiny shock from the debit card data breach may initiate bank initiated data protection measures according to the industry experts. Reserve Bank of India already held a meeting of major bankers and payment industry experts to avoid such incidents in future.

In the meeting held on Monday, the RBI asked all lenders to report cyber security issues on a real-time basis. This increases the administrative burden of banks to ensure data security as every case of breach has to be immediately reported.

Similarly, banks may have to centralize their cyber security operations instead of outsourcing it.

Earlier in an instruction to banks, the RBI pointed out that banks “need to report all unusual cyber-security incidents (whether they were successful or were attempts which did not fructify) to the Reserve Bank,”

The country’s banking system is shell-shocked after the report that nearly 3.2 million cards out of the total 700 mn cards are affected by data attack. Debit card data from both foreign and domestic cards have stolen. The domestic Rupay card is less affected according to available information.

Data were stolen between 25 May and 10 July from the Yes Bank Ltd ATMs network managed by Hitachi Payment Services Pvt. Ltd

Additional steps will be initiated after the forensic audit report from payment security specialist firm SISA Information Security Pvt. Ltd.

Most industry observers see that ensuring data security will fall more on banks with immediate reporting of data thefts and spending of more efforts and resources. Now banks feel that debt card and ATM services is a loss making one for banks. With this incident, banks will be instructed to shift away from that psyche and have to put more money on data security on card activities in immediate future.

*********